« | Home | Recent Comments | Categories | »

Smart TV hack embeds attack code into broadcast signal—no access required

Posted on April 20th, 2017 at 17:57 by John Sinteur in category: News -- Write a comment

 

[Quote:]

A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them.

The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.

“Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways,” Rafael Scheel, the security consultant who publicly demonstrated the attack, told Ars. “Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.”

Scheel’s exploit relies on a transmitter that’s based on digital video broadcasting—terrestrial, a transmission standard that’s built into the vast majority of TVs. TVs that are connected to the Internet, are currently tuned to a DVB-T-based station, support the hybrid broadcast broadband TV standard, and contain at least one critical vulnerability that can be exploited without showing any outward signs anything is amiss.

 

Apparently I was right not connecting my “smart” TV to the internet..

  1. No John, you were smart, TV was dumb. The Internet of Broken Things.

previous post: Science in America

next post: Conservatives hated an uppity negro golfing President